India Restricted Access To Vpns And Google Drive For Govt Employees?

The BJP government recently issued an advisory that notes govt employees must avoid 3rd-party VPN services like NordVPN and ExpressVPN as well as cloud storage services like Google Drive and Dropbox.

In its document titled, 'Cyber Security Guidelines for Govt Employees' by the NIC (National Informatics Centre) - a department under the Ministry of Electronics and Information Technology - the govt says the new guidelines are to be followed strictly, or else they could be penalized by the "respective CISOs/department heads." However, the orders are solely designed for government employees and not regular internet users in India.

What does the new order say exactly?

The new 'restricted' document highlights excellent and bad cybersecurity practices for government employees. Apart from restricting access to cloud storage and CC(virtual private network) services, the government order notes that employees should also avoid third-party toolbars (download manager, weather toolbar, askme toolbar) on the internet browser.

The government workers are also advised to stop downloading pirated software.

Similarly, govt workers are asked not to use any "external email services for official communication" and conduct "sensitive internal meetings and discussions" using "unauthorized third-party video conferencing or collaboration tools."

The government wants its employees to start using native services like DigiLocker, which provides loads of services similar to that of Google Drive and Dropbox. It is also likely that the government does not want workers to store data on 3rd-party apps purely for security reasons. Storing files on third-party platforms could leak sensitive data if the account is compromised, which is also possible with in-house services. The NIC guidelines echo the Indian army's advisory on 3rd-party messaging apps for its jawans.

On several occasions, the Indian army asked young soldiers to avoid joining WhatsApp groups with non-army individuals. It has even advised personnel not to share sensitive information or put photos in uniform on platforms like Facebook and Instagram, despite legal services in India.

Similarly, the Indian army launched its in-house messaging app, Army Secure IndiGeneous Messaging Application, to offer better security to its personnel.